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CLAIMS 

What is claimed is: 

1 . A method of managing access by a client to user-specific information 
maintained in connection with a plurality of services offered by a web-services provider 
and used by a user of said plurality of services, the method comprising: 

maintaining a plurality of items user-specific information in more than one of the 
plurality of services; 

obtaining a plurality of cUent access requests directed to accessing the plurality of 
items of user-specific information maintained in the more than one of the plurahty of 
services, said plurality of access requests being translated firom a task request that 
requires the chent to access the plurality of items of user-specific information in order to 
complete the task request; 

invoking a consent management system if the client lacks consent to access one of 
the plurality of items of user-specific information required by the chent to complete the 
task request, said consent management system selectively obtaining consent for the client 
to access the one of the plurahty of items of user-specific information for which the chent 
lacked consent to access; and 

fining the plurahty of chent access requests if the client has permission to access 
each of the plurality of items of user-specific information in the more than one of the 
plurality of services. 

2. The method of claim 1 further comprising: 

initiating the task request requiring the chent to access the plurahty of items of 
user-specific information in order to complete the task request; and 

translating the task request into the plurahty of client access requests to complete 
the task request. 

3. The method of claim 2 wherein selectively obtaining consent for the client 
to access the one of the plurality of items of user-specific information comprises: 

identifying the task request; 

placing the identified task request in a task queue; 
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identifying a party with authority to grant consent to the client to access the one of 
the plurality of items of user-specific information for which the client lacked consent to 
access; and 

displaying a consent menu to the identified party with authority, said consent 
menu prompting the identified party to grant or deny consent for the client to access the 
one of the plurality of items of user-specific information for which the client lacked 
consent to access. 

4. The method of 3 wherein the identified party with authority to grant 
consent is the user of the plurality of services offered by the web-services provider and 
wherein displaying the consent menu to the identified party comprises displaying the 
consent menu to the user. 

5. The method of claim 3 wherein the identified party with authority to grant 
consent is an owner of the one of the plurality of items of user-specific information for 
which the cUent lacked consent to access and wherein displaying the consent menu to the 
identified party comprises displaying the consent menu to the owner. 

6. The method of claim 5 wherein the owner is the user of the plurality of 
services and wherein displaying the consent menu to the identified party comprises 
displaying the consent menu to the user. 

7. The method of claim 3 wherein the user of the plurality of services is a 
managed user and the identified party with authority to grant consent is a manager of the 
managed user and wherein displaying the consent menu to the identified party comprises 
displaying the consent menu to the manager of the managed user. 

8. The method of claim 3 wherein displaying the consent menu to the 
identified party comprises: 

displaying an indication of the one of the plurality of items of user-specific 
information for which the cHent lacked consent to access; 
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displaying an identity of the client; and 

displaying an intended use of the client of the one of the pluraUty of items of user- 
specific information for which the client lacked consent to access. 

9. The method of claim 8 wherein displaying a consent menu to the 
identified party fiirther comprises displaying a method of access requested by the client to 
complete the initiated task request, 

10. The method of claim 8 wherein displaying a consent menu to the 
identified party flirther comprises displaying an indication of a status of each of the 
plurality of cUent access requests translated from the task request. 

1 1 . The method of claim 10 wherein displaying an indication of the status of 
each of the plurality of client access requests comprises displaying an indication of 
whether the client has consent from the identified party to access the plurality of items of 
user-specific information in the more than one of the pluraUty of services. 

12. The method of claim 3 wherein identifying the task request comprises: 
transmitting a task identifier to the consent management system, said task 

identifier identifying the plurality of client access requests to complete the task request; 
and 

identifying the one of the plurality of items of user-specific information for which 
the client lacked consent to access. 

13. The method of claim 3 fiirther comprising: 

providing a consent acceptance message being indicative of whether the identified 
party granted consent for the client to access the one of the plurality of items of user- 
specific information for which the client lacked consent; and 

updating an access control list associated with the one of the pluraUty of items of 
user-specific information for which the client lacked consent if the consent acceptance 
message indicates that the identified party granted consent, whereby upon updating said 
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access control list, the client has consent to access the one of the plurahty of items of 
user-specijQc information. 

14. The method of claim 13 further comprising removing the identified task 
from the task queue if the consent acceptance message indicates that the identified party 
granted consent. 

15. The method of claim 13 further comprising transmitting a consent success 
message to the client, said consent success message being indicative of whether the 
identified party granted consent for the cUent to access the one of the plurality of items of 
user-specific information for which the client lacked consent, 

16. The method of claim 13 wherein updating the access control Ust further 
comprises setting a time limit in which the client has consent to access the one of the 
plurality of items of user-specific information. 

17. The method of claim 3 wherein displaying the consent menu to the 
identified party further comprises displaying an invitation to allow the client enjoy a one- 
time only access to the one of the plurality of items of user-specific information for 
which the chent lacked consent. 

18. The method of claim 3 wherein selectively obtaining consent for the chent 
to access the one of the plurality of items of user-specific information further comprises 
sending an alert message to the party with authority to grant consent, said alert message 
alerting the party with authority to grant consent that the chent seeks access to the one of 
the plurahty of items of user-specific information for which the client lacked consent. 

19. The method of claim 3 further comprising: 

providing a consent acceptance message being indicative of whether the identified 
party granted consent for the chent to access the one of the plurality of items of user- 
specific information for which the client lacked consent; 
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granting consent to allow the client to access the one of the pluraUty of items of 
user-specific information if the consent acceptance message indicates that the identified 
party granted consent. 

20. One or more computer-readable media having computer-executable 
instructions for performing the method recited in claim 1. 

21 . A task-based method of managing consent transactions in a network 
computing environment, said network computing environment hacluding a web-services 
provider providing a first service and a second service, a user of the first service and the 
second service, and a client of the web-services provider, the method comprising: 

maintaining a first data store of user-specific information in connection with the 
first service; 

maintaining a second data store of user-specific information in connection with 
the second service; 

obtaining a first access request firom the client and directed to the first service, 
said first access request indicating a first item of user-specific information maintained in 
the first data store to which the client seeks access in order to complete a task request; 

obtaining a second access request from the client and directed to the second 
service, said second access request indicating a second item of user-specific information 
maintained in the second data store to which the chent seeks access in order to complete 
the task request; 

determining if the client has consent to access the first item of user-specific 
information and the second item of user-specific information; 

invoking a consent management system if it is determined that consent does not 
currently exist to allow the client to access the first item of user-specific information, said 
consent management system conducting a consent management transaction comprising: 
identifying a party with authority to grant consent to the chent to access 

the first item of user-specific information; and 
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displaying a consent menu to the identified party with authority, said 
consent menu prompting the identified party to grant or deny consent to the client 
25 to access the first item of user-specific information. 

22. The method of claim 21 further comprising: 

initiating a task request from the user that requires the client to access the first 
item of user-specific information and the second item of user-specific information; and 
translating the task request into the first access request and the second access 
5 request. 



m 



23. The method of claim 21 wherein invoking the consent management 
system further comprises identifying the task request and wherein conducting a consent 
management transaction further comprises: 

retrieving a task manifest corresponding to the task request, said task manifest 



•J I 

M 5 identifying the first and second items of user-specific information; and 
" preparing an entry for display on the consent menu based on the task manifest. 

5*1 ? 

m 24. The method of claim 21 further comprising filling the second access 



11 2 



request only if the client has consent to access both the first item of user-specific 
information and the second item of user-specific information. 



25. One or more computer-readable media having computer-executable 
instructions for performing the method recited in claim 21 . 

26. A method of managing consent transactions in a network computing 
environment, said network computing environment including a web-services provider 
providing a plurality of services, a user of the plurality of services, said web-services 
provider maintaining user-specific information associated with the user in connection 

5 with the plurality of services, and a client of the web-services provider, said user 

initiating a task request with the cHent, said client directing a plurality of access requests 
to the plurality of services in order to complete the task request, the method comprising: 
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invoking a consent m^agement process if the client lacks a consent required to 
complete one of the plurality of access requests, said consent management process 
comprising: 

identifying a party with authority to grant consent to allow the chent to 
complete the one of the plurality of access requests for which the cUent lacks 
consent; and 

initiating a consent request transaction with the identified party with 
authority to grant consent, said consent request transaction inviting the party with 
authority to grant consent to allow the client to complete the one of the plxirality 
of access requests. 

27. The method of claim 26 wherein initiating a consent request transaction 
further comprises displaying a consent menu to the identified party with authority to 
grant consent, said consent menu prompting the identified party to grant or deny consent 
for the chent to complete the one of the plurality of access requests. 

28. The method of claim 27 wherein the identified party with authority to 
grant consent is the user of the plurality of services and wherein displaying the consent 
menu to said identified party comprises displaying the consent menu to the user. 

29. The method of claim 27 wherein the identified party with authority to 
grant consent is an owner of the user-specific uiformation associated with the user and 
wherein displaying the consent menu to said identified party comprises displaying the 
consent menu to the owner. 

30. The method of claim 27 wherein the user of the plurality of services is a 
managed user and the identified party with authority to grant consent is a manager of the 
managed user and wherein displaying the consent menu to said identified party comprises 
displaying the consent menu to the manager of the managed user. 
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3 1 . The method of claim 27 wherein prompting the identified party to grant or 
deny consent for the client to complete the one of the plurality of access requests 
comprises providing a one-time only consent option whereby when said identified party 
selects the one-time only consent option the cUent is allowed to complete the one of the 

5 pluraUty of access requests only for completing the task request, 

32, The method of claim 26 wherein initiating the consent transaction with the 
party with authority to grant consent further comprises sending an alert message to said 
party with authority, said alert message alerting said party that the client is seeking access 
to the user-specific information. 



34. A system for controlling access to user-specific information in a network 
computing environment, the system comprising: 

a web-services provider providing a service; 

a user of the service, the web-services provider maintaining an item of user- 
5 specific information associated with the user in a data store associated with the service; 

a cHent of the web-services provider, said client operatively communicating with 
the user dnd seeking access to the item of user-specific information; 

an access control list associated with the item of user-specific information, said 
access control list indicating whether consent exists to allow the client to access the item 
10 of user-specific information; and 

a consent management system for controlling an update of the access control hst, 
said consent management system initiating a consent transaction with a party having 
authority to grant consent to update the access control list when the access control list 
indicates that consent does not exist to allow the client to access the item of user-specific 
15 information. 




33. One or more computer-readable media having computer-executable 
instructions for performing the method recited in claim 26. 
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35. The system of claim 34 wherein the consent management system 
comprises a consent user interface for displaying a consent menu to the party having 
authority to update the access control Ust, said consent menu prompting the identified 
party to grant or deny consent to allow the chent to access the item of user-specific 
information, whereby if the identified party grants consent the consent management 
system operatively updates the access control Hst to indicate that the client has consent to 
access the item of user-specific information. 

36. The system of claim 35 wherein the consent management system further 
comprises a consent server associated with the consent user interface for determinmg the 
party having authority to update the access control list and for operatively updating the 
access control hst if the identified party grants consent to allow the client to access the 
item of user-specific information. 

37. The system of claim 35 wherein the consent menu identifies a plurality of 
menu entries comprising: 

an identity of the client; 

a method by which the chent seeks to access the item of user-specific 
information; and 

a purpose for which the client seeks to access the item of user-specific 
information. 

38. The system of claim 37 wherein the plurahty of menu entries fiirther 
comprises a value proposition associated with the purpose for which the client desires to 
access the first item of user-specific information. 

39. A system for controUmg access to user-specific information in a network 
computing environment, said system comprising: 

a user transmitting a task request; 

a web-services provider providing a first service and a second service, said web- 
services provider maintaining a first of item of user-specific information associated with 
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the user in connection with the first service and a second item of user-specific 
information associated with the user in connection with the second service, said first and 
second services requiring consent before allowing access to the first and second items of 
user-specific information; 

a client in digital communication with the user and receiving the task request, said 
client translating the task request into a first access request and a second access request, 
said first access request being directed to the first service and seeking access to the first 
item of user-specific information and said second access request being directed to the 
second service and seeking access to the second item of user-specific information; and 

a consent management system being selectively invoked by the client if the client 
lacks consent to access the first item of user-specific information, said consent 
management system identifying a party with authority to grant consent to the client to 
access the first item of user-specific information and initiating a consent request 
transaction with the party with authority to grant consent to the client to access the first 
item of user-specific information, said consent request transaction inviting the party with 
authority to grant consent to allow the chent to access the first item of user-specific 
information. 

40. The system of claim 39 wherein the consent management system fiirther 
comprises a consent user interface for displaying a consent menu to the party with 
authority to grant consent to the client to access the first item of user-specific 
information. 

41 . The system of claim 40 wherein the consent menu identifies a plurality of 
menu entries comprising: 

an identity of the cHent; 

a method by which the chent proposes to access the first item of user-specific 
information; and 

a purpose for which the client desires to access the first item of user-specific 
information. 
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42. The system of claim 41 wherein the plurality of menu entries further 
comprises a value proposition associated with the purpose for which the client desires to 
access the first item of user-specific information. 

43. A method of controlling access to user-specific information for use in 
connection with a network computing environment including a web-services provider, a 
user of a service provided by the web-services provider, and a client of the web-services 
provider, said web-services provider maintaining a data store of user-specific information 
associated with the user in connection with the service, and said client seeking access to 
an item of user-specific information in the data store and transmitting an access request 
message directed to the service and indicating the item of user-specific information in the 
data store to which the client seeks access, the method comprising: 

comparing the access request message to an access control list associated with the 
service, said access control hst identifying whether the client has permission to access the 
item of user-specific information; 

placing the access request in a pending request queue; 

transmitting a service response message to the client, said service response 
message indicating a fault if the access control hst identifies that the client does not have 
permission to access the item of user-specific information and said service response 
message indicating a success if the access control list identifies that the client has 
permission to access the item of user-specific information; 

invoking a consent management system if the service response message received 
by the client indicates a fault; and 

filling the access request if the access control list authorizes the client to access 
the item of user-specific information in the data store and removing the access request 
fi-om the pending request queue. 

44. The method of claim 43 wherein invoking the consent management 
system fiirfher comprises: 

identifying a party with authority to grant permission to the client to access the 
item of user-specific information; and 
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displaying a consent menu to the identified party with authority to grant 
permission, said consent menu prompting the identified party to grant or deny permission 
for the client to access the item of user-specific information. 

45. The method of claim 44 wherein the identified party is the user of the 
service and wherein displaying a consent menu to the identified party comprises 
displaying the consent menu to the user. 

46. The method of claim 44 wherein the identified party is an owner of the 
item of user-specific information and wherein displaying the consent menu to the 
identified party comprises displaying the consent menu to the owner. 

47. The method of claim 44 wherein the user is a managed user and the 
identified party is a manager of the managed user and wherein displaying the consent 
menu to the identified party comprises displaying the consent menu to the manager of the 
managed user. 

48. One or more computer-readable media having computer-executable 
instructions for performing the method recited in claim 43. 
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